The Národní úřad pro kybernetickou bezpečnost (National Cyber and Information Security Agency, or NÚKIB) recently announced that the Czech Republic experienced an above-average number of cyber incidents in May 2021. While the agency recorded 19 cyber incidents during that period, all were considered less significant as they had no serious consequences. However, NÚKIB issued a warning, emphasizing that the country is increasingly facing cyber threats, urging organizations to take immediate steps to protect themselves.

Disruptions in service availability accounted for the majority of the cyber incidents in May, with NÚKIB classifying 11 of them under this category. Additionally, two incidents involved distributed denial of service (DDoS) attacks, primarily targeting state administration institutions. DDoS attacks have become a prevalent form of cyber attack, particularly in the context of the ongoing cyberwar paralleling the conflict in Ukraine.

NÚKIB also raised concerns about the growing threat of ransomware attacks within the country. Such attacks can inflict significant damage on infected machines by encrypting all data stored on the hard drive. The attackers then demand a ransom in exchange for restoring access to the data, often amounting to several thousand Czech korunas. However, even if the ransom is paid, there is no guarantee that the attackers will release the data, and recovery of unbacked-up information is usually impossible.

In a notable incident recorded in May, NÚKIB observed a relatively new trend among ransomware attackers. Rather than encrypting the victim’s data, they opted to threaten its public release—an approach known as “extortion-only.” This development necessitates a shift in the preparedness of organizations facing ransomware attacks.

The number of cyber incidents recorded by NÚKIB this year has been fluctuating. In January, the agency recorded an above-average 21 incidents, while February saw an average of 13 incidents. March marked a record-breaking month, with 28 incidents recorded, followed by a return to the standard in April, with 14 incidents.

The mounting cyber threats faced by the Czech Republic underscore the urgent need for organizations to prioritize their cybersecurity. This entails implementing robust measures such as firewalls, antivirus software, and intrusion detection systems. Equally important is educating employees about recognizing and avoiding cyber threats. Failure to adopt adequate measures could result in severe consequences, including damage to an organization’s reputation, loss of critical data, and financial losses.

NÚKIB’s warning regarding the above-average number of cyber incidents serves as a critical reminder of the escalating cyber attack landscape in the Czech Republic. All organizations must take proactive steps to safeguard themselves against these threats. Cybersecurity is an essential issue that demands attention and action from every organization operating within the country.

Article by Prague Forum